The company said that in the final six months of last year, 815 “user information requests” came in from governments and law enforcement agencies around the world. Of those, 81 percent were from Twitter’s home country and 60 percent came from American law enforcement agencies. Twitter complied in whole or in part with 69 percent of all requests worldwide.

Like Google, Twitter is now breaking out what type of legal tool was used to force the company’s hand. The company wrote on its website that of American requests, 60 percent were subpoenas, which have a fairly low legal standard under the Stored Communications Act.

“They do not generally require a judge’s sign-off and usually seek basic subscriber information, such as the e-mail address associated with an account and IP logs,” the company wrote.

Eleven percent of US-based requests were court orders signed by a judge, and 19 percent were judge-signed probable cause-driven warrants. The remainder, the company said, “do not fall in any of the above categories. Examples include exigent emergency disclosure requests and other requests received for user information without valid legal process.”

Twitter reiterated its company policy to “notify users of requests for their account information unless we are prohibited from doing so by law or in an emergency situation,” as articulated in its Guidelines for Law Enforcement.

Twenty percent of requests from American sources were issued under seal, meaning “a court has legally prohibited us from notifying affected users (or anyone else) about the request.” In contrast, 24 percent of the time the company was able to notify its users.

The remaining 56 percent of such requests fell into neither category—either because the request was withdrawn, was defective (wrong jurisdiction, no valid Twitter username), was an “exigent emergency disclosure request,” or had another related reason.

29 Reader Comments

Twenty percent of requests from American sources were issued under seal, meaning “a court has legally prohibited us from notifying affected users (or anyone else) about the request.” In contrast, 24 percent of the time the company was able to notify its users.

It is hard to imagine the extent of criminally relevant information that could be gleaned from the pre-internet equivalent of a bumper sticker; honk of you're the stupid criminal stalking with 140 characters.

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

Twenty percent of requests from American sources were issued under seal, meaning “a court has legally prohibited us from notifying affected users (or anyone else) about the request.” In contrast, 24 percent of the time the company was able to notify its users.

And this is perhaps the most disturbing part of the whole thing.

This isn't necessarily nefarious; if someone is investigating a drug dealer and gets a warrant to look at their financial transactions, that is often not disclosed at the time to prevent alerting the subject to investigation into their illegal activities.

Of course, it isn't necessarily NOT nefarious either, but there are good reasons for such things sometimes.

Quote:

I can't help but wonder just what people are saying on twitter that incites law enforcement to get involved?

People make threats on twitter all the time, and I'm sure at least some are related to terrorists who post on there. Don't you guys remember the flame war between Israel and Hamas a few months back?

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

Due process. Just because the police, or someone else, requests information about a person, doesn't mean that the person has commited a crime. It could easily be someone who is friends or workmates with the suspect. So no, we should not 'assume' that the person has commited a crime. (I might add here that everyone should be 'assumed' innocent until proven guilty according to law.)

There is also the matter of the 31% requests worldwide that Twitter doesn't comply with. (for various reasons.) That would indicate that almost every third request does not have any legal basis. That's quite a lot, and certainly warrants consideration.

The genius of the Internet is its decentralized architecture, which, with the exception of a few hierarchical components such as DNS and last-mile service, is quite resistant to interference.

One of the missing features of the Internet is a standard pub-sub transport protocol. Twitter falls short as a solution to this problem because it is a centralized web service with a restrictive ToS and a proprietary advertising business.

What we need is something like a hybrid between a brokerless message queue like zero-mq for realtime messaging and a distributed peer-to-peer datastore like trackerless BitTorrent for offline buffering and sychronization.

I fear that the client-server model embodied by HTTP web services makes them inherently vulnerable to interference as network effects promote the dominance of a few easily regulated services with a critical mass of users. It's impossible for these services to scale without becoming targets for data-mining by government agencies and commercial marketing agencies alike.

The genius of the Internet is its decentralized architecture, which, with the exception of a few hierarchical components such as DNS and last-mile service, is quite resistant to interference.

One of the missing features of the Internet is a standard pub-sub transport protocol. Twitter falls short as a solution to this problem because it is a centralized web service with a restrictive ToS and a proprietary advertising business.

What we need is something like a hybrid between a brokerless message queue like zero-mq for realtime messaging and a distributed peer-to-peer datastore like trackerless BitTorrent for offline buffering and sychronization.

I fear that the client-server model embodied by HTTP web services makes them inherently vulnerable to interference as network effects promote the dominance of a few easily regulated services with a critical mass of users. It's impossible for these services to scale without becoming targets for data-mining by government agencies and commercial marketing agencies alike.

It's pretty simple, actually--set up your own domain and mail server, which is quite inexpensive today. Bulletproof and impregnable? No, but much more private than most of the "free" offerings. An open source CMS, like WordPress (what this site is using) can be used to easily set up forums and group messaging. Yes, a bit more work, but can be private...

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

No you should not assume. Lots of times the so called police work is a fishing expedition trying to find a reason to accuse someone.

It is hard to imagine the extent of criminally relevant information that could be gleaned from the pre-internet equivalent of a bumper sticker; honk of you're the stupid criminal stalking with 140 characters.

Given how stupid many criminals (or would be criminals) are, social media seems to be helping law enforcement more every year.

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

Aha, this is sarcasm... right? I'm having trouble telling.

I trust the police with exactly *jack shit*. All they want is money, they don't care about guilt or innocence, and 99% of their actions, especially the ones not in the media spotlight, involve them power tripping like money-grubbing sociopaths.

I find it strange, if you're not being sarcastic, that you trust the police so much, and that you presume guilt before innocence. What if they were looking for another activist like Aaron Schwartz or Julian Assange? Would you support these subpoenas then?

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

"Terrorist" networks like Al Shabab, etc keep making new accounts, posting all sorts of things like links to beheading videos, etc, get noticed by LEOs, and then the requests roll into Twitter, who complies with the requests. Twitter will also then suspend those accounts, and then the cycle repeats itself as the groups create new accounts ad infinitum.

This happens on every social network (and ISP/email/hosting provider) with a presence in the USA, Europe, Japan, Canada, Australia, New Zealand, Israel, etc. This kind of thing has gone on since the 1980's and the prime BBS/Usenet days. In other words, this is not a new thing. Previously, companies never disclosed the requests to the public. Now some do, when allowed by current laws. That's the only part that is new.

One of the ways they busted the big "pirating" rings run in Australia back in the 1980's and 1990's was by using such requests to service providers to track down the people running them. Now it's moved on to actual organized crime and terrorist networks. More than likely also used to access accounts of known or suspected foreign agents

Don't see why the article, especially the headline, has to put such a negative spin on it.

We should assume that the users being investigated had allegedly commited a crime, most likely threating somebody else. If so, I would want law enforcement to do what they can to find out who the alleged perp/s is/are. Like if someone called my phone and told me he'd kill me, I'd want the police to pull phone records and stuff.

There are enough good reasons to look somebody up. What else is police work supposed to be?

I find your statement that a person being investigated should be assumed guilty of a crime without due process astounding. Presumption of innocence is a fundamental belief of american citizens and encoded into the legal system.

This is good to hear. It does raise a couple of follow-up questions, though - bearing in mind the clear interest Ars Technica readers and commenters have expressed in privacy:

1 Will Ars advise the individual concerned if it ever is contacted by law enforcement to provide data regarding a user, if there is no direction to do otherwise?2. If Ars does receive requests, will it publish that fact?3. How does Ars Technica secure its user information? I understand that several governments are using hacking and/or back doors to access information (e.g. on dissidents) - while I am reasonably comfortable with most things I have posted to the Ars Technica website, there may be some people who have reason for concern either because of where they live or what they've written.